Skip to main content
Blue @ Work

Reporting cyber attacks to Wellmark

Taking action when an attack occurs.

*This article was last updated May 2020.

In the unfortunate event of a cyber attack or privacy breach in your workplace, you must report these occurrences to Wellmark Blue Cross and Blue Shield. Learn more about what to report and when you should report these events.

Reporting suspected breaches to Wellmark

In the event of a privacy breach or security incident, you are required to report the event no later than 10 business days following the discovery. You must provide a written report via an email to Send Email that includes:

  • The type and date of the breach
  • The type of protected health information (PHI) that was accessed, used or disclosed and by whom (if known)
  • The steps taken to correct the problem
  • Any actions taken to mitigate future cyber attacks

Reporting breaches or cyber attacks to Wellmark ensures we can take action to protect the privacy and security of your employees.

A privacy breach is the inappropriate access, use or disclosure of PHI. You should also keep in mind the HIPAA definition of a breach. A security incident may include:

  • Unauthorized access, use, disclosure, modification or destruction of Wellmark's electronic PHI records
  • Unauthorized interference with system operations that contain or provide access to Wellmark's electronic PHI records

Be sure to carefully review your contract for details on filing any reports.

Take action

Questions? Contact your authorized Wellmark account representative, or email us at Send Email.